Fixing SQL error when editing groups see #5625

13 years ago · b8e4024859
parent 4a4bbb5bc6
commit b8e4024859
4 changed files with 13 additions and 12 deletions
--- a/main/group/group.php
+++ b/main/group/group.php
@ -307,10 +307,10 @@ foreach ($group_cats as $index => $category) {

 			// Edit-links
 			if (api_is_allowed_to_edit(false, true)  && !(api_is_course_coach() && intval($this_group['session_id']) != intval($_SESSION['id_session']))) {
-				$edit_actions = '<a href="group_edit.php?'.api_get_cidreq().'&gidReq='.$this_group['id'].'"  title="'.get_lang('Edit').'">'.Display::return_icon('edit.png', get_lang('EditGroup'),'',ICON_SIZE_SMALL).'</a>&nbsp;';								
-				$edit_actions .= '<a href="'.api_get_self().'?'.api_get_cidreq().'&category='.$category['id'].'&amp;action=empty_one&amp;id='.$this_group['id'].'" onclick="javascript: if(!confirm('."'".addslashes(api_htmlentities(get_lang('ConfirmYourChoice'), ENT_QUOTES))."'".')) return false;" title="'.get_lang('EmptyGroup').'">'.Display::return_icon('clean.png',get_lang('EmptyGroup'),'',ICON_SIZE_SMALL).'</a>&nbsp;';				
-				$edit_actions .= '<a href="'.api_get_self().'?'.api_get_cidreq().'&category='.$category['id'].'&amp;action=fill_one&amp;id='.$this_group['id'].'" onclick="javascript: if(!confirm('."'".addslashes(api_htmlentities(get_lang('ConfirmYourChoice'), ENT_QUOTES))."'".')) return false;" title="'.get_lang('FillGroup').'">'.Display::return_icon('fill.png',get_lang('FillGroup'),'',ICON_SIZE_SMALL).'</a>&nbsp;';
-				$edit_actions .= '<a href="'.api_get_self().'?'.api_get_cidreq().'&category='.$category['id'].'&amp;action=delete_one&amp;id='.$this_group['id'].'" onclick="javascript: if(!confirm('."'".addslashes(api_htmlentities(get_lang('ConfirmYourChoice'), ENT_QUOTES))."'".')) return false;" title="'.get_lang('Delete').'">'.Display::return_icon('delete.png', get_lang('Delete'),'',ICON_SIZE_SMALL).'</a>&nbsp;';
+				$edit_actions = '<a href="group_edit.php?'.api_get_cidreq(true, false).'&gidReq='.$this_group['id'].'"  title="'.get_lang('Edit').'">'.Display::return_icon('edit.png', get_lang('EditGroup'),'',ICON_SIZE_SMALL).'</a>&nbsp;';								
+				$edit_actions .= '<a href="'.api_get_self().'?'.api_get_cidreq(true, false).'&category='.$category['id'].'&amp;action=empty_one&amp;id='.$this_group['id'].'" onclick="javascript: if(!confirm('."'".addslashes(api_htmlentities(get_lang('ConfirmYourChoice'), ENT_QUOTES))."'".')) return false;" title="'.get_lang('EmptyGroup').'">'.Display::return_icon('clean.png',get_lang('EmptyGroup'),'',ICON_SIZE_SMALL).'</a>&nbsp;';				
+				$edit_actions .= '<a href="'.api_get_self().'?'.api_get_cidreq(true, false).'&category='.$category['id'].'&amp;action=fill_one&amp;id='.$this_group['id'].'" onclick="javascript: if(!confirm('."'".addslashes(api_htmlentities(get_lang('ConfirmYourChoice'), ENT_QUOTES))."'".')) return false;" title="'.get_lang('FillGroup').'">'.Display::return_icon('fill.png',get_lang('FillGroup'),'',ICON_SIZE_SMALL).'</a>&nbsp;';
+				$edit_actions .= '<a href="'.api_get_self().'?'.api_get_cidreq(true, false).'&category='.$category['id'].'&amp;action=delete_one&amp;id='.$this_group['id'].'" onclick="javascript: if(!confirm('."'".addslashes(api_htmlentities(get_lang('ConfirmYourChoice'), ENT_QUOTES))."'".')) return false;" title="'.get_lang('Delete').'">'.Display::return_icon('delete.png', get_lang('Delete'),'',ICON_SIZE_SMALL).'</a>&nbsp;';
 				$row[] = $edit_actions;
 			}
 			if (!empty($this_group['nbMember'])) {
--- a/main/group/group_edit.php
+++ b/main/group/group_edit.php
@ -113,9 +113,9 @@ function check_group_members($value) {
 /*	MAIN CODE */

 // Build form
-$form = new FormValidator('group_edit');
+$form = new FormValidator('group_edit', 'post', api_get_self().'?'.api_get_cidreq());

-$form->addElement('header', '', $nameTools);
+$form->addElement('header', $nameTools);
 $form->addElement('hidden', 'action');
 $form->addElement('hidden', 'referer');

@ -138,7 +138,6 @@ $group_tutor_list = GroupManager :: get_subscribed_tutors($current_group['id']);
 $selected_users = array();
 $selected_tutors = array();
 foreach ($group_tutor_list as $index => $user) {    
-    //$possible_users[$user['user_id']] = api_get_person_name($user['firstname'], .$user['lastname']);
    $selected_tutors[] = $user['user_id'];
 }

--- a/main/inc/lib/groupmanager.lib.php
+++ b/main/inc/lib/groupmanager.lib.php
@ -1115,7 +1115,10 @@ class GroupManager {
 		$table_user = Database :: get_main_table(TABLE_MAIN_USER);
 		$table_group_user = Database :: get_course_table(TABLE_GROUP_USER);
 		$order_clause = api_sort_by_first_name() ? ' ORDER BY u.firstname, u.lastname' : ' ORDER BY u.lastname, u.firstname';
-		$group_id = Database::escape_string($group_id);
+        if (empty($group_id)) {
+            return array();
+        }
+		$group_id = intval($group_id);
 		$course_id = api_get_course_int_id();
 		
 		$sql = "SELECT ug.id, u.user_id, u.lastname, u.firstname, u.email, u.username 
--- a/main/inc/local.inc.php
+++ b/main/inc/local.inc.php
@ -823,7 +823,6 @@ if (isset($cidReset) && $cidReset) {

 // if the requested group is different from the group in session
 $gid = isset($_SESSION['_gid']) ? $_SESSION['_gid'] : '';
-var_dump($gid);
 if (isset($gidReq) && $gidReq != $gid) {
    $gidReset = true;
 }